On Jan 18, 2008 5:38 AM, Lapo Luchini <address@hidden> wrote:
> We should maybe trade in some "security" with speed, e.g. maintaining a
> DB table with a "cache of valid and not suspended branches".

I'm seriously wondering whether we oughtn't to cache validity for
*all* certs in the local database. Or perhaps go even further and
refuse to store "bogus" certs at all.
Pro: would speed up just about everything.
Con: we lose protection against database corruption and possibly
against local attacks (anyone who can do "mtn db execute" can bork a
certificate - I actually used this in a test case recently).
Perhaps there is a middle ground, where we continue to do the
checksum, but not the digital signature validation, except when we
first hear about a cert.
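
The middle ground described in the message above, sketched as an added example that is not part of the original message and is not monotone's code: signature validation only when a cert is first stored, checksum only on later reads. The table layout, the `CertStore` class, the SHA-256 checksum and the HMAC used as a stand-in for the real public-key signature are all assumptions made for illustration; the sample certs are constructed.

```python
import hashlib, hmac, sqlite3

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for the real signature scheme

def sign(body):
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()

def checksum(body, sig):
    # Unkeyed hash over the stored fields: catches corruption, not a writer who recomputes it.
    return hashlib.sha256(body + b"\0" + sig.encode()).hexdigest()

class CertStore:
    def __init__(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE certs (id INTEGER PRIMARY KEY, body BLOB, sig TEXT, hash TEXT)")
        self.sig_checks = 0  # counts the expensive validations

    def sig_ok(self, body, sig):
        self.sig_checks += 1
        return hmac.compare_digest(sign(body), sig)

    def ingest(self, body, sig):
        # First time we hear about a cert: full signature validation, bogus certs are not stored.
        if not self.sig_ok(body, sig):
            raise ValueError("bogus cert refused")
        return self.db.execute("INSERT INTO certs (body, sig, hash) VALUES (?, ?, ?)",
                               (body, sig, checksum(body, sig))).lastrowid

    def read(self, cert_id):
        # Every later read: checksum only, no signature validation.
        body, sig, h = self.db.execute(
            "SELECT body, sig, hash FROM certs WHERE id = ?", (cert_id,)).fetchone()
        if checksum(body, sig) != h:
            raise ValueError("checksum mismatch")
        return body

def demo():
    store, good, other = CertStore(), b"branch=net.example.a", b"branch=net.example.b"
    cid = store.ingest(good, sign(good))
    store.read(cid); store.read(cid)
    out = {"sig_checks_after_reads": store.sig_checks}
    # Corruption: the stored body changes, the stored hash does not.
    store.db.execute("UPDATE certs SET body = ? WHERE id = ?", (other, cid))
    try:
        store.read(cid); out["corruption_caught"] = False
    except ValueError:
        out["corruption_caught"] = True
    # A local writer who also rewrites the hash column passes the checksum-only read.
    store.db.execute("UPDATE certs SET hash = ? WHERE id = ?", (checksum(other, sign(good)), cid))
    out["rewritten_row_read"] = store.read(cid)
    out["full_validation_ok"] = store.sig_ok(other, sign(good))
    return out
```

The checksum-only read keeps the protection against corruption at one signature check per cert, while the last two results show the local-write case that only full validation rejects.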